Typically, due to the development of information technology and the Internet, the size of the industry related to online e-commerce and identification increases and the demand for accurate authentication of individuals grows. Accordingly, an existing authentication method using a PIN (Personal Identification Number) or password has reached its maximum limit.
On the other hand, user authentication using biometrics is not only convenient to use and but also commercially available because of its security and economics. The user authentication using biometrics is used mainly in embedded systems such as an ATM (Automated Teller Machine) or personal computers, but is expanding its use up to mobile devices in recent years by the development of technology.
The most prominent feature of biometric information inclusive of a fingerprint is that it has unique advantages that there is no risk of forgetting passwords and that the biometric authentication cannot be achieved unless a relevant person is involved in the biometric authentication.
However, since this biometric information is converted into digital data and is then used in a personal computer, a handheld device, a server, or the like, malicious leakage and collection of the biometric information may cause severe problems different from the outflow of the password.
While a user can arbitrarily change his/her password if it is leaked, the user may not use his/her biometric information for a lifetime if it is leaked. As an example, if data for the index finger/middle finger of the right hand that has been already registered as biometric information of the user is leaked, the user may have to use other fingers to provide his/her biometric information since then. However, there may be a possibility that data of the other fingers is also leaked and furthermore there is a limit to the number of human fingers, which leads to many constraints. Since other biometric information such as the face, finger vein and the like also has a unique value for individual, when it is leaked out once, it may result in fatal consequences.
Furthermore, the crucial feature of the biometric information is the fact that the data relevant to the biometric information changes little by little each time the data is acquired. Thus, since the biometric authentication has a principle to use the similarity of the biometric information registered in advance, biometric information that is newly acquired for biometric authentication may not be 100% consistent with the biometric information registered in advance when comparing them, which makes it difficult to apply the advanced encryption algorithm to the biometric authentication.
In order to avoid this shortcoming, a widely used method is to either encrypt information related to the biometric information and then send the encrypted biometric information, or employ a permanent deformation from which an inverse conversion cannot be achieved by using a fuzzy vault.
However, even though the data is encrypted or modified, if the data is leaked once, attempt to authenticate falsely can be made at any time later with leaked data. Therefore, the aforementioned method may not be a fundamental solution.
In addition, in order to turn the individual authentication using the biometrics into the authentication measurement with high security even in the personal computers and handheld devices beyond the area of existing access control or time attendance, it is necessary to verify that the biometric information under consideration is the biometric information that is acquired immediately when requiring the biometric authentication and is distinct biometric information of a relevant person. This is because while a typical authentication system based on the biometrics in public places is provided with an additional equipment such as a CCTV (Closed Circuit Television), etc. which is capable of monitoring the situation that a relevant person enters his/her biometric information, personal computers or handheld devices can do hacking/cracking works without any restriction in a secret place.
Accordingly, if the underlying problems like this do not be solved, installing the biometric authentication capability on a personal device such as a handheld device mobile device may cause very dangerous problems.